
Much to no software engineer's surprise, Hatzistamou found some hard-coded access credentials in the app binary, apparently shared across all copies of the app (doh!), as well as the expected API endpoints for sending and receiving data remotely. Eventually, he and Claude mapped out the mask's 15 commands and functions, and had the communication protocol reasonably reverse-engineered.
It was then time to make a small web app to control the mask. That worked fine, and Hatzistamou could get his mask's information and control its functions without using the buggy Android application. Alas, that was not the end of the story. During the reverse-engineering, he had Claude poke at the remote data endpoints. When connecting to the MQTT services with the aforementioned hardcoded credentials, he did indeed get his sensor readings… along with everyone else's.
Hatzistamou estimated that among the received data, about 25 masks were in use right there and then, and he even captured the real-time EEG readings from two hapless people somewhere on the planet. Since the mask has electrical muscle stimulation (EMS) and the access credentials are the same for every device, he could theoretically tell other masks to trigger electrical impulses.
The engineer sent his findings to the company, as he actually sounds happy with the product, data issues notwithstanding. Speaking as a developer myself, this situation doesn't appear to show any malicious intent from the makers, and it serves as yet another unsurprising illustration of how low the bar has become for software development in this day and age.
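The broker-side control that was missing in the flaw described above is per-device topic authorization. The Python model below is an added example, not code from the article or the vendor; the topic layout `masks/<device-id>/<channel>`, the usernames and the `%u` username placeholder are assumptions for illustration.

```python
"""Per-device MQTT topic authorization (constructed example)."""

def topic_matches(filt, topic):
    """MQTT filter match: '+' is one level, '#' is the rest of the tree."""
    f, t = filt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return i == len(f) - 1          # '#' is only valid as the last level
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

# Assumed topic layout: masks/<device-id>/<channel>
SHARED_POLICY = ["#"]               # what one credential for every device amounts to
PER_DEVICE_POLICY = ["masks/%u/#"]  # %u is replaced by the authenticated username

def allowed(policy, username, topic):
    """True if `username` may read or write `topic` under `policy`."""
    # An identity containing wildcard or separator characters would widen the
    # substituted pattern, so it is refused outright.
    if not username or any(c in username for c in "+#/"):
        return False
    return any(topic_matches(p.replace("%u", username), topic) for p in policy)

def deliver(policy, username, subscription, published):
    """Topics the broker forwards: they must match the subscription and the ACL."""
    return [t for t in published
            if topic_matches(subscription, t) and allowed(policy, username, t)]

# Constructed traffic from three hypothetical masks.
PUBLISHED = ["masks/mask-A/eeg", "masks/mask-B/eeg", "masks/mask-C/status"]

if __name__ == "__main__":
    print("shared credential :", deliver(SHARED_POLICY, "shared-app", "#", PUBLISHED))
    print("per-device ACL    :", deliver(PER_DEVICE_POLICY, "mask-A", "#", PUBLISHED))
    print("A -> B command    :", allowed(PER_DEVICE_POLICY, "mask-A", "masks/mask-B/cmd"))
```

With the per-device policy, the same wildcard subscription returns only the subscriber's own readings, and a command addressed to another mask is refused.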